The present invention relates to a communication system and a communication method in which a client and a server belong to different communication networks and communicate via gateway servers that relay the different communication networks and, more particularly, intends to reduce the burden of a client system in encryption communication.
In recent years, because of the advent of World Wide Web (referred to as xe2x80x9cWebxe2x80x9d hereinafter), various services can be offered on the Internet. Especially, it is expected that the electronic commerce and the Internet banking service are spread much more in the future.
In these services, insurance of the security is the absolute condition. However, furtive glance of the data can be relatively easily carried out in the present Internet. In particular, since normally the data are transmitted/received as the text without encryption in the Web, it is impossible to say that the security can be sufficiently ensured.
Currently, the security is ensured on the Internet by using various public keys and the common keys, and digest of the data based on the Hash function. Especially, as the protocol for enabling the secure communication between the client and the server on the Web, SSL (Secure Sockets Layer) is widely employed.
For example, in xe2x80x9cCommunication System, Message Processing Method, and Computer Systemxe2x80x9d set forth in Patent Application Publication (KOKAI) Hei 10-135942, an example of the message process communication system using the public key cipher is disclosed.
Meanwhile, in the prior art, the Internet is used on the personal computer (abbreviated as xe2x80x9cPCxe2x80x9d hereinafter) or the workstation (abbreviated as xe2x80x9cWSxe2x80x9d hereinafter). However, in recent years, the use on various equipments other than PC begins. For example, the mobile information terminal and the mobile telephone that can utilize the Web appear.
These devices are small and portable. If these devices are connected to the Internet via the radio network such as the mobile telephone network, the electronic commerce and the banking service using the Internet are available at any time in any place.
However, normally these devices have a processing speed slower than the PC and small memory capacity, and thus restrictions on the installed softwares are great.
The encryption/decryption softwares and the SSL protocol necessary for the electronic commerce and the banking service using the Internet to ensure the security need complicated computation. Thus, the load is heavy to perform the processes by the mobile information terminal whose processing ability is limited rather than the PC. There is such a possibility that the service cannot be offered smoothly.
By the way, normally the data flowing through the mobile telephone network are encrypted. The encrypting and decrypting functions of the data are provided originally to the terminal of the mobile telephone.
In other words, unlike the Internet, the security is established as the communication network in the mobile telephone network.
Therefore, for the terminal employed on the communication network in which the security is ensured, it may be considered as the extra process to execute the encryption and decryption processes necessary for transmission/reception of the data on the Internet in addition to the security offered by the communication network.
The present invention has been made in light of such problems, and it is an object of the present invention to provide a communication method capable of reducing the burden of the terminal device, that is connected to the Internet via the communication network such as the mobile telephone network, whose security is ensured, and used to carry out the electronic commerce and the banking service, and a communication system for embodying the communication method.
In a communication method of the present invention, in a communication that is carried out between a content server unit for managing content data and a client system located on a different communication network from the content server unit via a gateway server unit for relaying different communication networks, if security of communication between the client system and the gateway server unit is ensured, encryption of data is not performed in communication networks between the client system and the gateway server unit and the encryption of data is performed only by the communication by the communication networks between the gateway server unit and the content server unit, whose security is not ensured.
Also, in a communication system for embodying this communication method, a data communicating means for transmitting/receiving data to/from the gateway server unit, and an encryption communication requesting means for sending out a security request of communication between the client system and the content server unit via the data communicating means are provided to a client system, and also a client data communicating means for transmitting/receiving the data to/from the client system, a server data communicating means for transmitting/receiving the data to/from the content server unit, and an encryption communication controlling means for performing setting process of encryption communication between the gateway server unit and the content server unit in response to the security request from the client system via the server data communicating means and performing decryption of encrypted data received from the server data communicating means and encryption of the data to be output to the server data communicating means are provided to a gateway server unit.
Therefore, installing of the encryption/decryption processing systems into the client system can be omitted while ensuring the security in all communication routes between the client system and the content server unit, and thus the burden of the client system can be reduced.
According to a first aspect of the present invention, in a communication method which is carried out between a content server unit for managing content data and a client system located on a different communication network from the content server unit via a gateway server unit for relaying different communication networks, if security of communication between the client system and the gateway server unit is ensured, encryption of data is not performed in communication networks between the client system and the gateway server unit and the encryption of data is performed only by the communication by the communication networks between the gateway server unit and the content server unit, whose security is not ensured. Therefore, there is no necessity to set the encryption communication and install the processing system for decrypting the encrypted data into the client system, and thus the burden of the client system can be reduced.
According to a second aspect of the present invention, the client system sends out a security request of a communication route to the gateway server unit, the gateway server unit sets up encryption communication between the content server unit and the gateway server unit in response to this, the content server unit encrypts data to be transmitted to the client system and then transmits it to the gateway server unit, and the gateway server unit decrypts the data and transmits it to the client system. Therefore, the data transmitted from the content server unit is encrypted and then transmitted securely.
According to a third aspect of the present invention, the client system sends out a security request of a communication route together with data transmission to the gateway server unit, the gateway server unit sets up encryption communication between the content server unit and the gateway server unit in response to this, then encrypts the data, and then transmits it to the content server unit. Therefore, the data transmitted from the gateway server unit to the content server unit is encrypted and then transmitted securely.
According to a fourth aspect of the present invention, in a communication system in which communication is carried out between a content server unit for managing content data and a client system located on a different communication network from the content server unit via a gateway server unit for relaying different communication networks, the client system and the gateway server unit are connected via a communication network whose security is ensured, a data communicating means for transmitting/receiving data to/from the gateway server unit, and an encryption communication requesting means for sending out a security request of communication between the client system and the content server unit via the data communicating means are provided to the client system, and also a client data communicating means for transmitting/receiving the data to/from the client system, a server data communicating means for transmitting/receiving the data to/from the content server unit, and an encryption communication controlling means for performing setting process of encryption communication between the gateway server unit and the content server unit in response to the security request from the client system via the server data communicating means and performing decryption of encrypted data received from the server data communicating means and encryption of the data to be output to the server data communicating means are provided to the gateway server unit. Therefore, there is no necessity to set the encryption communication and install the processing system for decrypting the encrypted data into the client system, and thus the burden of the client system can be reduced.
According to a fifth aspect of the present invention, a web protocol processing means for transmitting/receiving the data of World Wide Web to/from the gateway server unit via the data communicating means is provided to the client system, and also a web protocol processing means for transmitting/receiving the data of World Wide Web via the client data communicating means and the server data communicating means is provided to the gateway server unit. Therefore, while ensuring the security of data transmission that uses the Web Protocol such as HTTP, the burden of the client system can be reduced.